Updates dominated the week, with system administrators having to work through Microsoft's monthly Patch Tuesday release, Adobe's quarterly update for Reader and Acrobat, and Oracle's out-of-band update to fix a denial-of-service vulnerability.

Microsoft's Patch Tuesday held no surprises, since the company had accidentally released the details the week before. All five bulletins were rated "important." However, the Internet Storm Center at the SANS Institute cautioned that Microsoft may be under-reporting the severity of three of the patches. The difference lies in the fact that Microsoft rates vulnerabilities that require the targeted user to do something, such as opening a file, before they can compromise the system as "important," Wolfgang Kandek, CTO of Qualys, told eWEEK. Qualys considers opening an Excel or Word file a normal activity and has given those bulletins a higher priority.

Adobe released a much larger update, with 13 patches fixing critical vulnerabilities in Reader and Acrobat. The updates repaired a number of remote code execution flaws in Reader and Acrobat X, 9.x and 8.x. Adobe's quarterly patch update also included a change to the Adobe Approved Trust List removing the DigiNotar Qualified Certificate Authority certificate.

A few weeks after Apache developers patched a security bug in how the Apache Web server handled HTTP headers, Oracle released its own out-of-band update for its application servers that are based on Apache software. An attacker exploiting the flaw could exhaust a server's memory and CPU resources, causing a denial of service. Oracle patched the flaw in Oracle Fusion Middleware, Oracle Application Server and Oracle Enterprise Manager.

Cyber-criminals targeting financial institutions were a popular topic this week. Federal law-enforcement officials testified at a Congressional hearing that criminals were increasingly targeting financial institutions. Online account takeovers were on the rise, even though organizations were getting better at stopping the money from being transferred out of the institution. Criminals were getting better at coming up with new tactics, and organizations needed to step up their security defenses, the officials said.

Financial cyber-criminals are relying on social-engineering tactics to compromise accounts, whether by tricking users into clicking on a phishing or spear-phishing email, opening an attachment containing a malicious Adobe document or opening a link posted on social-networking sites, according to a presentation at the New York InfraGard Cyber-Defense Summit this week.

Insider threats were also a big concern this week, as the financial world was rocked by the admission from Swiss bank UBS that a rogue trader had executed unauthorized trades that could cost the company $2 billion in losses. Organizations often overlook their employees, especially highly "trusted" ones, when assessing risk and implementing security policies. Senior executives may not be subject to the same checks as the rest of the organization, when they should be subject to more because they have "extraordinary access to assets," according to John Rostern, managing director at Coalfire.

RSA Security revealed some findings from its closed-door summit in July on advanced persistent threats. Security professionals from government agencies and the private sector acknowledged that APTs were more prevalent than publicly assumed.